It is way too complicated for me so I share it to get your views on it.

Quote:

The reported vulnerability, which has left those who discovered it
- Justin Case, Trevor Eckhart and Artem Russakovskii from Android Police - speechless,
involves a suite of logging tools included in recent HTC modifications
to the Android operating system in EVO and Thunderbolt models that
collect a stack of information on the user's phone.
But not only do the modifications collect a swathe of information,
they also allow nefarious types to send that data to wherever on the Internet they like.

"It's like leaving your keys under the mat and expecting nobody
who finds them to unlock the door," says Russakovskii.
The list of compromised data includes but is not limited to:

Eckhart only released the information after contacting HTC
on September 24th and receiving no real response for five days
in the hopes that making the security vulnerability public would
prompt HTC to address the issue.
Although the team at Android Police believes HTC is looking into
the issue, there's been no statement from the company as yet.

The team also uncovered an app added by HTC called androidserver.apk
that is basically a remote access server that could allow third parties
access to the phone.

They say that, while the addition of the app "could end up being insignificant,"
it is still "very suspicious." Although the app isn't started by default,
it isn't clear what or who can trigger it.

While open source software, such as Android, has many advantages
over a closed system, such as allowing greater creativity on the part
of developers, the vulnerability the Android Police team claims to have
uncovered highlights one of the major downsides of open source
software.
While users expect problems from sources in the darker corners
of the Internet and are extra vigilant in looking out for anything
that may compromise the security of their devices, the fact this problem
comes from one of the biggest players in the Android space is a real concern.

_________________I use Google Search on Puppy Forum
not an ideal solution though

That would either make Puppy very vulnerable or only vulnerable
when the criminals find it worth their time to write an exploit of that
potential vulnerability.
_________________I use Google Search on Puppy Forum
not an ideal solution though

No, Puppy is not a rewrite of Linux, and no, Puppy's being weird compared to most distros does not make it "very vulnerable". Most of the weirdnesses in Puppy have no bearing on security at all.

Yes, Puppy and phones are both weird. But they are weird in different ways. Phones are weird in a network way - they have custom network code. Their software is also much less widely tested, and is often closed-source so that only people in the actual company have audited it.

Puppy is not at all weird in a network way. The network code is the same as any other Linux, whether server or desktop. The things that are weird in Puppy are the filesystem, the application choices, stuff like that.

You should be far more worried about how secure your network-related software is than Linux itself. Your browser, your browser's plugins, your chat program, any online games you play, any servers you run, etc. Those things all get far less individual attention than the OS's network code. (In particular, I would worry about Flash, as that is closed source and has a history of being a buggy piece of excrement.) And that applies equally to any distro you use - the only impact Puppy has would be that Puppy tends to have older versions of software.

Also, keep in mind that when some server, which happens to run on Linux, gets hacked into, that doesn't mean anything regarding the security of Linux. (Yes I know this thread is about a phone, not a server.) Most of the time when somebody "hacks into a server", what they actually do is exploit a bug in whatever webapps the server is running. Stuff like this forum, or a wiki, or what-have-you. Or they might somehow obtain an administrator's password (lucky guess, keylogger, surveillance, brute force, network sniffing, etc.). Failing that, they probably exploited a bug in a server program (php, apache, mysqld, sshd, etc.), which normal desktop Linuxes don't have. It is much rarer that they get in via a problem with Linux itself.
_________________Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
